make sync_schema_props_perms(<computed rtype>) work as expected
It currently ends up with an ExecutionError while we want to synchronize
permissions. This makes 3.21.1 migration of any application using computed
relation crashing.
Also, remove pre 3.6 compat code in hooks that prevent living schema update on
computed relation's permission changes.
--- a/hooks/syncschema.py Thu Oct 08 13:51:54 2015 +0200
+++ b/hooks/syncschema.py Wed Sep 16 16:04:17 2015 +0200
@@ -905,11 +905,6 @@
# duh, schema not found, log error and skip operation
self.warning('no schema for %s', self.eid)
return
- if isinstance(erschema, RelationSchema): # XXX 3.6 migration
- return
- if isinstance(erschema, RelationDefinitionSchema) and \
- self.action in ('delete', 'add'): # XXX 3.6.1 migration
- return
perms = list(erschema.action_permissions(self.action))
if self.group_eid is not None:
perm = self.cnx.entity_from_eid(self.group_eid).name
--- a/server/migractions.py Thu Oct 08 13:51:54 2015 +0200
+++ b/server/migractions.py Wed Sep 16 16:04:17 2015 +0200
@@ -458,7 +458,10 @@
assert reporschema.eid, reporschema
self.rqlexecall(ss.updaterschema2rql(rschema, reporschema.eid),
ask_confirm=self.verbosity>=2)
- if syncrdefs:
+ if rschema.rule:
+ if syncperms:
+ self._synchronize_permissions(rschema, reporschema.eid)
+ elif syncrdefs:
for subj, obj in rschema.rdefs:
if (subj, obj) not in reporschema.rdefs:
continue
@@ -572,6 +575,7 @@
against its current definition:
* order and other properties
* constraints
+ * permissions
"""
subjtype, objtype = str(subjtype), str(objtype)
rschema = self.fs_schema.rschema(rtype)
--- a/server/test/datacomputed/migratedapp/schema.py Thu Oct 08 13:51:54 2015 +0200
+++ b/server/test/datacomputed/migratedapp/schema.py Wed Sep 16 16:04:17 2015 +0200
@@ -59,3 +59,8 @@
class renamed(ComputedRelation):
rule = 'S employees E, O concerns E'
+
+
+class perm_changes(ComputedRelation):
+ __permissions__ = {'read': ('managers',)}
+ rule = 'S employees E, O concerns E'
--- a/server/test/datacomputed/schema.py Thu Oct 08 13:51:54 2015 +0200
+++ b/server/test/datacomputed/schema.py Wed Sep 16 16:04:17 2015 +0200
@@ -58,3 +58,8 @@
class to_be_renamed(ComputedRelation):
rule = 'S employees E, O concerns E'
+
+
+class perm_changes(ComputedRelation):
+ __permissions__ = {'read': ('managers', 'users')}
+ rule = 'S employees E, O concerns E'
--- a/server/test/unittest_migractions.py Thu Oct 08 13:51:54 2015 +0200
+++ b/server/test/unittest_migractions.py Wed Sep 16 16:04:17 2015 +0200
@@ -784,6 +784,20 @@
self.assertEqual(self.schema['whatever'].subjects(), ('Company',))
self.assertFalse(self.table_sql(mh, 'whatever_relation'))
+ def test_computed_relation_sync_schema_props_perms_security(self):
+ with self.mh() as (cnx, mh):
+ rdef = next(self.schema['perm_changes'].rdefs.itervalues())
+ self.assertEqual(rdef.permissions,
+ {'add': (), 'delete': (),
+ 'read': ('managers', 'users')})
+ mh.cmd_sync_schema_props_perms('perm_changes')
+ self.assertEqual(self.schema['perm_changes'].permissions,
+ {'read': ('managers',)})
+ rdef = next(self.schema['perm_changes'].rdefs.itervalues())
+ self.assertEqual(rdef.permissions,
+ {'add': (), 'delete': (),
+ 'read': ('managers',)})
+
def test_computed_relation_sync_schema_props_perms_on_rdef(self):
self.assertIn('whatever', self.schema)
with self.mh() as (cnx, mh):